@Dietrich T. Schmitz * Your Linux Advocate
Google Engineers say so. Citation:
The operating system might have bugs. Of interest are bugs in the Windows API that allow the bypass of the regular security checks. If such a bug exists, malware will be able to bypass the sandbox restrictions and broker policy and possibly compromise the computer.
Under Windows, there is no practical way to prevent code in the sandbox from calling a system service.
In addition, third party software, particularly anti-malware solutions, can create new attack vectors. The most troublesome are applications that inject dlls in order to enable some (usually unwanted) capability. These dlls will also get injected in the sandbox process. In the best case they will malfunction, and in the worst case can create backdoors to other processes or to the file system itself, enabling specially crafted malware to escape the sandbox.
It is worth mentioning this because nobody else is talking about it.
The issue is that Google Engineers have identified an inherent Windows operating system limitation and have posted ‘clearly’ their Caveats on-line.
As a sidebar, I will mention that, while you set up Internet Explorer on a pedestal and put Google in a ‘bad light’ here, there are other ‘safer alternatives’ for addressing the subject of ‘malware protection’.
Namely, Linux offers such protection in the form of Linux Security Modules (LSM).
For example, Ubuntu Linux running AppArmor LSM with Firefox in its sandbox guarantees that no malware vector can escalate, and further, LSM does police the kernel! There is zero percent chance of any malware infection using LSM sandboxed Firefox.
That makes Linux the safer choice.
I stake my reputation on it.